001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.activemq.security;
018
019import org.apache.activemq.filter.DestinationMapEntry;
020
021import java.util.Collections;
022import java.util.HashSet;
023import java.util.Set;
024import java.util.StringTokenizer;
025
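/**
 * Represents an entry in a {@link DefaultAuthorizationMap} for assigning
 * different operations (read, write, admin) of user roles to a specific
 * destination or a hierarchical wildcard area of destinations.
 * <p>
 * Each operation is held twice: as the comma-separated role string that was
 * configured and as the set of principals parsed from that string.
 * <p>
 * Points to keep in mind when configuring entries:
 * <ul>
 * <li>Role strings are parsed at the moment {@link #setAdmin(String)},
 * {@link #setRead(String)} or {@link #setWrite(String)} is called, using the
 * group class configured at that moment. Call
 * {@link #setGroupClass(String)} first; changing the group class later does
 * not re-parse ACLs that were already built.</li>
 * <li>The ACL getters return the set held by this entry, not a copy, so a
 * caller that mutates the returned set changes the entry's permissions.</li>
 * <li>Until an ACL is configured it is the shared immutable empty set. How
 * an empty (or {@code null}) ACL is interpreted is decided by the code that
 * consumes this entry, which is not part of this class.</li>
 * </ul>
 */
@SuppressWarnings("rawtypes")
public class AuthorizationEntry extends DestinationMapEntry {

    // Parsed principals per operation; default is the immutable empty set.
    private Set<Object> readACLs = emptySet();
    private Set<Object> writeACLs = emptySet();
    private Set<Object> adminACLs = emptySet();

    // Comma-separated role names as they were configured.
    protected String adminRoles;
    protected String readRoles;
    protected String writeRoles;

    // Class name handed to DefaultAuthorizationMap.createGroupPrincipal;
    // null means DefaultAuthorizationMap.DEFAULT_GROUP_CLASS is used.
    // NOTE(review): presumably the class is resolved by name, so this value
    // should only ever come from trusted configuration - confirm against
    // createGroupPrincipal.
    private String groupClass;

    /**
     * @return the configured group principal class name, or {@code null} when
     *         the default is to be used
     */
    public String getGroupClass() {
        return groupClass;
    }

    /**
     * @return the shared immutable empty set, typed for the ACL fields
     */
    private Set<Object> emptySet() {
        return Collections.<Object>emptySet();
    }

    /**
     * Sets the class name used for principals created by
     * {@link #parseACLs(String)}. Only calls to the role setters made after
     * this one are affected; ACLs that were already parsed are left as they
     * are.
     *
     * @param groupClass principal class name, or {@code null} for the default
     */
    public void setGroupClass(String groupClass) {
        this.groupClass = groupClass;
    }

    /**
     * @return the admin ACL set held by this entry (not a copy)
     */
    public Set<Object> getAdminACLs() {
        return adminACLs;
    }

    /**
     * Replaces the admin ACL set. The reference is stored as given.
     *
     * @param adminACLs principals allowed the admin operation
     */
    public void setAdminACLs(Set<Object> adminACLs) {
        this.adminACLs = adminACLs;
    }

    /**
     * @return the read ACL set held by this entry (not a copy)
     */
    public Set<Object> getReadACLs() {
        return readACLs;
    }

    /**
     * Replaces the read ACL set. The reference is stored as given.
     *
     * @param readACLs principals allowed the read operation
     */
    public void setReadACLs(Set<Object> readACLs) {
        this.readACLs = readACLs;
    }

    /**
     * @return the write ACL set held by this entry (not a copy)
     */
    public Set<Object> getWriteACLs() {
        return writeACLs;
    }

    /**
     * Replaces the write ACL set. The reference is stored as given.
     *
     * @param writeACLs principals allowed the write operation
     */
    public void setWriteACLs(Set<Object> writeACLs) {
        this.writeACLs = writeACLs;
    }

    // helper methods for easier configuration in Spring
    // According to the original note, ACLs are already set in an
    // afterPropertiesSet method (not part of this class) to ensure that
    // groupClass is set before parseACLs() is called on any of the roles.
    // The call to parseACLs is still needed inside these helpers for cases
    // where security is configured programmatically without using xbean.
    //
    // Each helper parses first and assigns afterwards, so that a failed parse
    // leaves both the role string and the ACL set unchanged instead of out of
    // step with each other.
    // -------------------------------------------------------------------------

    /**
     * Sets the admin roles and rebuilds the admin ACL set from them.
     *
     * @param roles comma-separated role names
     * @throws Exception if a principal cannot be created for a role
     */
    public void setAdmin(String roles) throws Exception {
        Set<Object> parsed = parseACLs(roles);
        adminRoles = roles;
        setAdminACLs(parsed);
    }

    /**
     * Sets the read roles and rebuilds the read ACL set from them.
     *
     * @param roles comma-separated role names
     * @throws Exception if a principal cannot be created for a role
     */
    public void setRead(String roles) throws Exception {
        Set<Object> parsed = parseACLs(roles);
        readRoles = roles;
        setReadACLs(parsed);
    }

    /**
     * Sets the write roles and rebuilds the write ACL set from them.
     *
     * @param roles comma-separated role names
     * @throws Exception if a principal cannot be created for a role
     */
    public void setWrite(String roles) throws Exception {
        Set<Object> parsed = parseACLs(roles);
        writeRoles = roles;
        setWriteACLs(parsed);
    }

    /**
     * Turns a comma-separated list of role names into a set of principals
     * created by {@link DefaultAuthorizationMap#createGroupPrincipal}.
     * Names are trimmed; entries that are empty after trimming (for example
     * the middle item of {@code "a, ,b"}) are skipped so that no principal
     * with an empty name ends up in an ACL.
     *
     * @param roles comma-separated role names, must not be {@code null}
     * @return a new mutable set with one principal per distinct role name
     * @throws NullPointerException if {@code roles} is {@code null}
     * @throws Exception if a principal cannot be created
     */
    protected Set<Object> parseACLs(String roles) throws Exception {
        if (roles == null) {
            // Same exception type the tokenizer would raise, with a message
            // that names the cause.
            throw new NullPointerException("roles must not be null");
        }
        // Resolved once: the configured class, else the map's default.
        String principalClass = (this.groupClass != null ? this.groupClass : DefaultAuthorizationMap.DEFAULT_GROUP_CLASS);
        Set<Object> answer = new HashSet<Object>();
        StringTokenizer iter = new StringTokenizer(roles, ",");
        while (iter.hasMoreTokens()) {
            String name = iter.nextToken().trim();
            if (name.isEmpty()) {
                continue;
            }
            answer.add(DefaultAuthorizationMap.createGroupPrincipal(name, principalClass));
        }
        return answer;
    }

    /**
     * Compares the role strings, the ACL sets and the group class.
     * NOTE(review): only fields declared in this class are compared; state
     * held by {@link DestinationMapEntry} is not consulted here - confirm
     * that this is intended where entries for different destinations are
     * compared.
     */
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (!(o instanceof AuthorizationEntry)) {
            return false;
        }

        AuthorizationEntry that = (AuthorizationEntry) o;

        return same(adminACLs, that.adminACLs)
                && same(adminRoles, that.adminRoles)
                && same(groupClass, that.groupClass)
                && same(readACLs, that.readACLs)
                && same(readRoles, that.readRoles)
                && same(writeACLs, that.writeACLs)
                && same(writeRoles, that.writeRoles);
    }

    /**
     * Hash over the same fields that {@link #equals(Object)} compares. The
     * fields are mutable, so the value changes when the entry is
     * reconfigured.
     */
    @Override
    public int hashCode() {
        int result = hashOf(readACLs);
        result = 31 * result + hashOf(writeACLs);
        result = 31 * result + hashOf(adminACLs);
        result = 31 * result + hashOf(adminRoles);
        result = 31 * result + hashOf(readRoles);
        result = 31 * result + hashOf(writeRoles);
        result = 31 * result + hashOf(groupClass);
        return result;
    }

    // Null-safe equality: two nulls are equal, null never equals non-null.
    private static boolean same(Object a, Object b) {
        return a == null ? b == null : a.equals(b);
    }

    // Null-safe hash: null contributes 0.
    private static int hashOf(Object value) {
        return value != null ? value.hashCode() : 0;
    }
}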